Monday, December 19, 2011

Exchange OWA and Lync Integration Issue: Multiple SIP ProxyAddresses

I was recently troubleshooting a pesky Lync-OWA integration issue where some users could see the integration and some couldn’t.  I was getting the dreaded:

“Instant Messaging isn’t available right now.  The Contact List will appear when the service becomes available.”

Lync-OWA - OWA error - markup

First thoughts were that because it was only happening to a subset of users, maybe the Exchange CAS server that they were accessing through was having issues.  I was able to force a working connection through that same CAS server without issue for other users, so I knew that the CAS was healthy.

Next step was to investigate the user mailbox since it was very consistent as to whether a user worked or didn’t work.  After comparing two users (one working, one not working), I noticed that the non-working user had multiple SIP addresses defined in the Email Addresses Tab:

Lync-OWA - Exch properties dual SIP - markup

Turns out that in this particular implementation, a Resource Forest model was being used for both Exchange and Lync.  The tools used for user synchronization were copying the current user’s SIP proxy addresses to the new Resource Forest and when the users were getting enabled for Lync, multiple SIP addresses were being applied to the “proxyAddresses” AD attribute:

Lync-OWA - Proxy Addresses

After removing the extra SIP proxy addresses from the resource forest proxyAddresses AD attribute, Lync-OWA integration was restored:

Lync-OWA - OWA working

The SIP entries in the proxyAddresses AD attribute should only contain the SIP address that matches the SIP address that Lync is using.

Friday, December 9, 2011

10 Tips for Keeping Lync Jitter Free

As we wind down 2011, it is a great time to review these tips to keep your Lync infrastructure trouble free in the year ahead.

1. Keep up with Server/Client updates

Microsoft releases major updates for Lync Server and Lync clients (desktop and phone), called Cumulative Updates (CU), on a regular basis. Usually every two to three months. It is extremely important to stay current on all updates as these contain hotfixes, performance improvements, security updates and possibly new functionality. The latest CU at the time of this writing was CU4, which was released at the end of November 2011.

2. Monitor Certificate Expiration Dates

Lync relies very heavily on certificates. In fact, all Lync servers require certificates to function since all server to server and client to server communication is encrypted. Lync can utilize both private and public certificates depending on infrastructure and workloads deployed. Since all certificates have an expiration date, it is best to renew certificates that are set to expire before you get too close to that deadline. If a certificate expires, the workload/service that depends on it will stop functioning. You should centrally coordinate the expiration/renewal of all Lync certificates so that administrators aren’t chasing certificate renewals year round.

3. Review Event Logs (constantly)

As with any Windows application, Event Logs play a major role not only in troubleshooting root causes of existing problems, but also in revealing overall system health issues. Lync Server will create its own Event Log so that all Lync events can be easily read and managed. It is best to use a central monitoring platform that will not only gather Events, but provide real-time alerting on errors and warnings.

4. Use the Best Practices Analyzer and Topology Validator Tools

For system health monitoring and validation use the Best Practices Analyzer (BPA) and the Topology Validator tools from Microsoft. BPA will scan your deployment against defined Microsoft best practices for that application. It is a good idea to run this tool at least once per year to assess the Lync infrastructure and its dependent environmental components for problems. The Lync Topology Validator is part of the Lync Resource Kit, which is a freely downloadable set of troubleshooting and documentation tools. It runs synthetic transactions to test all aspects of Lync’s topology including IM, conferencing, PSTN calling, etc. Lync Topology Validator should be run on a regular basis or as part of a monitoring package that will run the synthetic transactions or a scheduled basis. Since it tests most of the workloads utilizing the production infrastructure, real-time validation and troubleshooting can be achieved.

5. Test Failover/Disaster Recover Plans

As with any other vital application in your organization, regular failover and Disaster Recovery procedures should be performed. Depending on your organization’s goals, this plan might span database recovery, server rebuilds, to complete site failovers. Hopefully you will never need your Disaster Recovery plan, but you don’t want to be in a situation where you are failing over or recovering for the first time.

6. Review/Use the Lync Monitoring Reports

The Lync Monitoring role is vital to any Lync implementation. It contains all sorts of reports ranging from usage statistics, trend analysis, and performance metrics. All Lync call quality or failure issue troubleshooting should start with the Monitoring reports. These will expose trouble spots ranging from poor performing network segments, device issues, and problematic users.

7. Validate Backups of Configuration and User Data

Backups are a part of any good disaster recovery plan. For Lync, it is very important to make sure that configuration data, location information, and persistent user data is backed up on a regular basis. Since most Lync information is dynamic, have the preceding three backups will allow an administrator to recover from most scenarios. I always recommend a two-pronged backup plan: backup Lync databases using backup software like Microsoft Data Protection Manager and export the data by using Lync PowerShell commands.  Also, you should back up archiving and monitoring databases.

8. Review Network Utilization

Lync will place quite a bit of stress on your network if you are deploying voice, video, and web conferencing. You should routinely review historical bandwidth utilization reports across all network segments and determine if any Call Admission Control (CAC), Quality of Service (QoS), or workload policies need to be adjusted.

9. Review Administrative Access

Lync uses Role-based Access Control (RBAC) much like Exchange Server. This allows assigning non-administrators delegated access to perform Lync administration duties within Lync. Some examples would include assigning specific users read-only access and the ability to perform troubleshooting tasks (CsHelpDesk) or allowing specific users to provision, move, or assign policies to Lync enabled accounts (CSUserAdministrator). If Enterprise Voice is enabled, delegated access can be granted to configure voice settings and policies (CSVoiceAdministrator). Custom RBAC roles can also be created.  You should regularly review these groups and determine if group membership is still valid.

10. Review Dependent/Environmental Components

Lync is not a siloed application.  It relies on a healthy Active Directory, DNS, SQL Server backend for its databases, Exchange Server for calendar/presence integration, and networking to provide bandwidth and access.  All complimentary components must be monitored and cared for along with the Lync servers to maintain a properly functioning environment.

As you can see from these 10 tips, Lync is a large and complex infrastructure with many dependencies. However, by using this checklist you will be able to avoid many problems, detect pending issues before they can create downtime, and maintain communications service levels your users expect.

Monday, December 5, 2011

Exchange 2010 SP2 Released!

After months of anticipation, SP2 has released and you can get it HERE!
This will bring the Exchange version to 14.2.247.5.  Here are some additional links:

Also note that SP2 can be installed as a new installation. No need to install RTM or SP1 before installing SP2.

Monday, November 28, 2011

Mission: Update Beta OCS R1 Phone Edition to Lync Phone Edition

I recently received two “original” Tanjay (Polycom CX700) phones from a colleague asking me if I could get them upgraded to Lync.  These contained beta Phone Edition software on them: 1.0.199 (1.23)

WP_000016

Since this was pre-OCS R1, I really wasn’t interested in installing OCS R1 and configuring the awful WSS method to update devices.  I know for a fact, that you cannot directly upgrade these to Lync firmware, so all of my hopes were being able to perform the first couple of upgrades using an OCS R2 server.

I started searching the Internet for tips and came across a guide that addressed my exact need!  Rick Varvel wrote this very detailed guide that explained the process of getting the beta firmware to an OCS R2 firmware.  Once on an OCS R1/R2 firmware, I knew I could easily get it to Lync firmware since either version can be upgraded directly to Lync.

I won’t go into too much detail since the guide is very detailed itself.  You must follow this guide exactly!  I actually skipped a step that made my first couple of attempts fail.  My OCS R2 deployment was internal only so I thought I could get away with not setting the External URL settings for the Device Update service.  As the guide says, you must configure the ExternalUpdatesDownloadURL and ExternalUpdatesStoreURL to a non-NULL value.  Once I did this, the updates started flowing.

The high-level update process was as follows:

OCS R2 Update Service

  • 1.0.199 (1.23) –> 1.0.522.101 (1.23)

Lync Server Update Service

  • 1.0.522.101 (1.23) –> 4.0.7577.296 (1.23)

Now my newly updated CX700 shows the latest Lync firmware:

WP_000041

I know this post won’t help out too many people unless they find a dusty closet with a bunch of phones in it, but thought I would document the experience any way.

Sunday, November 20, 2011

Lync November 2011 Server and Client Updates Released (CU4)

The Lync team has released server and client updates for November 2011. There are a lot of important updates in this CU, including preparing your environment for mobile clients.  Here are all the details:

Server Updates (7577.183) – DownloadKB 2493736

Note: Use the cumulative LyncServerUpdateInstaller.exe to install the updates to make sure all needed updates are applied.

Clients (7577.4051)

Phone Edition (7577.4047)

Group Chat

Monday, November 7, 2011

Enabling Outlook Delegates the Ability to Create Lync Online Meetings

During a recent Lync implementation the client heavily used Outlook delegates to manage calendars and to set up meetings on behalf of others.  After the users were enabled for Lync, delegates were unable to create Lync Online Meetings on behalf of the “boss”.  This did not break scheduling regular meetings, just Lync Online Meetings.  When trying to schedule, the following error appeared:

“You do not have permissions to schedule online meetings on behalf of the owner of this account.  Please contact the owner of the account to get delegate permissions in Lync.”

Lync Delegate - Outlook error

In order to enable delegates to schedule Online Meetings, the client policies need to be modified to enable the –EnableExchangeDelegateSync parameter.  In my example, I will be modifying the specific client policy by running:

Set-CsClientPolicy –Identity ExchangeDelegateSync –EnableExchangeDelegateSync $true

Lync Delegate - policy command2

Now when looking at my client policy by running: Get-CsClientPolicy –Identity ExchangeDelegateSync, I can see the parameter set:

Lync Delegate - policy output - markup

After logging back into the Lync client, Delegates will automatically get created in Lync.  You can see this from the main buddy list, as new groups are automatically created for both the “boss” and the delegate.

Boss – “Delegates” Group

Lync Delegate - client BossMan

Admin – “People I Manage Calls For” Group

Lync Delegate - client Admin

Now that the Outlook Delegates have been synced from Exchange, in our example the AdminAsst can now schedule Online Meetings on behalf of the BossMan and the meeting will reflect the BossMan’s meeting URL.

If users are enabled for Enterprise Voice, Lync delegates can be managed directly through the Lync client by clicking Options –> Call Forward Settings:

Lync Delegate - EV option - markup

Lync Delegate - EV option2

This post showed you how to enable users to create Lync Online Meetings on behalf of others.

Friday, October 28, 2011

Exchange 2010 SP1 Update Rollup 6 Available

An update for Exchange 2010 SP1 has just released and can be downloaded at: Exchange 2010 SP1 Update Rollup 6 Download. This will take you Exchange version up to 14.1.355.2

For a description of all the included fixes, see KB 2608646

For those of you running DAGs, please see the following article: Applying Updates to Exchange 2010 SP1

If you are running Forefront, it is important to disable Forefront protection during the update:

  • Before running patch: fscutility /disable
  • After running patch: fscutility /enable

Wednesday, October 12, 2011

Lync 2010 How-To Custom Help/Training Website

Recently, Microsoft release a great reference website to help out with training and adoption: Lync Adoption and Training Kit.  One of the tools within this kit is the Lync How-To custom intranet site.

Lync How To - Download Website

This will allow your organization to create a completely customizable quick reference portal for users to use to learn how to do perform common Lync tasks.  This includes step-by-step instructions and videos.  Later in the post I will also show how to customize the help URL within the Lync client to point to this portal.

Installing the Portal

The How-To portal can be installed as a Silverlight or HTML solution.  The Silverlight version will offer a rich experience with integrated video player.  If the HTML version is used, then videos will be launched using the local media player on the desktop.  This post will be installing the Silverlight version of the portal.

The first step is to copy all of the contents to a location on a web server.  In my example, I am copying the files to my Lync Front-End server since web services is installed and already being used.  I have also chosen to rename the rolodex.html file (primary launch file) to a better name for the URL that I want to publish: LyncHelp.html

Lync How To - File Copy

Now within IIS Manager, I will add a new Virtual Directory under the Internal Website and configure to point to my portal contents:

Lync How To - IIS add

Lync How To - IIS add - configure

Since I have two Front-End servers in my pool, I will replicate the same steps on my other server.  Now I can enter in the URL in my web browser to access the How-To portal:

Lync How To - default website

Customizing the Portal

The default How-To portal offers instructions and videos on all aspects of the Lync client: IM/P, voice, video, Online Meetings, Group Chat, Attendant console, etc.  In your environment, you may not have all the functionality enabled and want to hide those components to not confuse the users.  This can be done by modifying the rolodex.xml file in the folder location of the source files.

In my example, I am going to hide the “Group Chat” category and also the “Voice and Video –> Manage Voice Mail” sub-category.

Lync How To - pre-disable - markup

Now open up the rolodex.xml file and comment out (or delete) the sections that we want to hide:

Lync How To - delete group chat

Lync How To - delete manage vm

After refreshing the site, we will see that those sections have been removed:

Lync How To - disable

The portal is completely customizable based on the functionality that has been enabled for the users.  The “Lync_HowTo_AdminGuide.doc”, that is part of the initial download, describes more ways to modify the content and brand the portal.

Configuring the Lync Client to Point to Portal

The Lync client has built in help by pressing the “F1” key or by selecting help from the Lync menu:

Lync How To - client help

This takes you to Microsoft Online help:

Lync How To - web help default

We will now modify the Global Lync client policy so that the Help function within the Lync client will now point to our customized Lync portal.  This can be accomplished by running the following command:

Set-CsClientPolicy Global –CustomizedHelpUrl <WebURL> –EnableEnterpriseCustomizedHelp $true

Lync How To - Customized URL

Hmmm…that didn’t work.  If I use the command referenced in the screenshot, the URL ends up adding a bunch of “junk” to the end resulting in an invalid address:

Lync How To - client help error

I found this Technet Forum post that explains the error and workaround.  After implementing the “c_redir.aspx” file (with the the references pointing to my website) and repointing the URL to https://lyncwebint.twhlab.com/lynchelp/c_redir.aspx, the webpage worked as expected.

lync how to - new command

Summary

The Lync How-To portal is a great resource that allows users to get instructional help on common Lync tasks.  I encourage everyone to implement this and communicate that this is available.  This is a very valuable tool to deploy.

Hope this helps.

Monday, October 3, 2011

BUG: Lync Stress Tool and SQL Named Instances

The Lync Server Stress and Performance Tool has a major flaw when using a named SQL instance for the Lync back-end databases.  This post is based on the 7577.120 version of the tool and will not go into all of the ins and outs of the tool.

Problem:

First off, the GUI and field descriptions in the User Creation tool are very misleading.   Looking at the “Server” tab, it seems pretty straight forward on what to enter in the SQL fields…

Lync Stress - Server Tab - markup

Not the case, according to the Documentation, the following descriptions are used for those fields:

  • SQL BE Machine – type the name of the SQL Server Back End physical node
  • SQL Instance – type the database name

The database name in the Instance field?  Ok, so where do I put my Instance name?  All good questions… the problem is that this is the bug.  The tool does not allow for the SQL instance to be properly entered.  The following examples show different permutations trying to get the right information entered to represent the actual topology.

Symptoms:

Note: my actual SQL config is LABSQL01\Lync (Servername\Instance)

Variation #1:

Lync Stress - Config - Server - Instance

The tool will refer to the database and instance name as “Lync” (obviously, my database is not named “Lync”):

Lync Stress - Server - Instance

Variation #2:

Lync Stress - Config - Server - Database

The tool will refer to the database and instance name as “RTC”(obviously, my SQL instance is not named “RTC”):

Lync Stress - Server - Database

Variation #3:

Lync Stress - Config - ServerInstance - DB

The tool will add “RTC” as part of the Instance name and also the DB name:

Lync Stress - ServerInstance - DB

Variation #4:

Lync Stress - Config - Server - InstanceDB

The tool will add “Lync\RTC” as part of the Instance name and also the DB name:

Lync Stress - Server - InstanceDB

Conclusion:

Basically whatever is entered into the “SQL Instance” field will be used as the Instance and database name.

This could potentially be a great tool to use in the field, but currently it is only useful in a handful of deployments (Standard Edition or default instance installations of SQL back-end).  This has been reported to Microsoft and has been acknowledged as a known issue.  Hopefully a new release will soon be out.

Friday, September 23, 2011

Exchange 2007 SP3 Update Rollup 5 Available

An update for Exchange 2007 SP3 has just released and can be downloaded at: Exchange 2007 SP3 Update Rollup 5 Download

This brings the build number to: 8.3.213.1

  • For a description of all the included fixes, see KB 2602324

If you have a clustered environment, please see this article: Applying Exchange 2007 Update Rollups to Clustered Mailbox Servers

If you are running Forefront, it is important to disable Forefront protection during the update:

  • Before running patch: fscutility /disable
  • After running patch: fscutility /enable

Also remember to disable or remove all third party software during the upgrade (like antivirus, backup agents, disclaimers, etc.)

        NOTE: Update Rollup 6 for Exchange 2007 SP3 is scheduled for April 2012. More info from the Exchange Team

        Wednesday, September 21, 2011

        Understanding and Enforcing Licensing for the Lync Standard User CAL–Part 2

        In Part 1 of this article we looked at what functionality is included in the Standard CAL for Lync.  Now it is time to show how to enforce functionality by creating or modifying policies and configurations.

        There are three primary places that must be configured to enforce the Standard CAL:

        • Conferencing Policy
        • Meeting Configuration
        • Lync Outlook plug-in

        Conferencing Policy

        By default, Enterprise CAL functionality is enabled.  By looking at the Global conferencing policy (which gets assigned by default), we can see that most conferencing functionality is enabled:

        Lync SCAL2 - global default

        If your environment will only have Standard CAL users then all the following configurations can be performed at the Global scope level.  Looking at the parameters in the Global conferencing policy, we need to modify the following:

        • AllowIPAudio: False
        • AllowIPVideo: False
        • AllowUserToScheduleMeetingsWithAppSharing: False
        • AllowAnonymousParticipantsInMeetings: False
        • AllowPolls: False (wasn’t 100% sure on this one since it is not specifically defined in the licensing matrix)
        • EnableAppDesktopSharing: None (remember you can view, but not initiate)
        • EnableDialinConferencing: False

        I will create a new conferencing policy based on these criteria:

        New-CsConferencingPolicy –Identity “Conf-StandardCAL” –AllowIPAudio $false –AllowIPVideo $false –AllowUserToScheduleMeetingsWithAppSharing $false –AllowPolls $false –EnableAppDesktopSharing None –EnableDialinConferencing $false

        Lync SCAL2 - conf-scal

        Note the following:

        • Data Collaboration must be enabled to allow for multi-party File Transfer
        • Do not throttle the Max Meeting Size parameter to two or less since this would disable multi-party IM.  The following screenshots show the effect of throttling the Max Meeting Size:

        Lync SCAL - drag 3rd limited meetingLync SCAL - drag 3rd limited meeting - other

        Meeting Configuration

        By default, users within your company join Online Meetings as presenters.  You should change this default setting so that only the Organizer is the presenter.  This will prohibit Standard CAL users joining the meeting as a presenter.  The Organizer can always change per meeting at the time of scheduling the meeting within the Meeting Options of the Online Meeting.  To change the default behavior, navigate in the Lync Control Panel to Conferencing –> Meeting Configuration.  Select “None” in the Designate as presenter drop-down.

        Unfortunately, the only scope options are Global, Site, and Pool. Change the options of the Meeting Configuration so that “None” is set to the default presenter:

        Lync SCAL2 - meet config - markup

        Lync Outlook Plug-in

        Lync will install the Lync Outlook plug-in by default as part of the Lync client install.  This is great compared to OCS where it was two different installs, but can cause a confusing experience for Standard CAL users.  The only reason to use the plug-in is to schedule conferences. 

        Remember that Standard CAL users can attend a conference, but cannot initiate/schedule a conference.  If the Outlook plug-in remains visible, the Standard CAL user can still create an online meeting.  My suggestion is to disable the Lync Outlook plug-in, this will not prohibit them from attending a meeting that they are invited to.

        The registry setting that controls the load behavior of the Outlook plug-in is:

        HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\UCAddin.UCAddin.1\

        • DWORD: LoadBehavior
        • Value (Decimal): 2

        This can easily be rolled out and applied to StandardCAL users with a GPO:

        Lync SCAL2 - gpo

        Part 2 of this post describes how to enforce the Standard CAL Lync settings described in Part 1.  Licensing and interpretation of licensing is always tough, so if you feel that I have misrepresented the licensing provided to the Standard CAL user or feel that I have missed a configuration, please leave a comment.

        Thursday, September 15, 2011

        OCS R2 September 2011 Updates Released

        Looks like OCS R2 just got better.  Microsoft has released some updates for OCS 2007 R2.

        Here are the components that were updated for this round of updates:

        Server Updates (6907.236) - KB 968802

        Note: As always, the easiest way to make sure your server is up to date across all components is to use the Cumulative Server Update Installer (ServerUpdateInstaller.exe package)

        Client Updates

        • Communicator Client (6907.236) – KB 2590699
          • One of the fixes included is IM and call history are not stored in the default Exchange mailbox correctly (KB 2569723)
        • Attendant Console (6907.236) – KB 2590692

        Group Chat (6907.236)

        Monday, September 12, 2011

        Understanding and Enforcing Licensing for the Lync Standard User CAL–Part 1

        I think we can all agree that Microsoft licensing is confusing.  Most products have two types of user CALs: Standard and Enterprise.  Lync is even more confusing with three different user CALs: Standard, Enterprise, and Plus.  This article explains all the different CALs and what functionality is contained in each.  I have read the reference many times and can still walk away with my head spinning. 

        Part 1 - Explain and point out some of the misconceptions about the Standard CAL. 

        Part 2 – Show how to configure Lync to enforce the features of the Standard CAL. 

        I will never profess to be a licensing expert and encourage others to leave comments based on their interpretations.

        Let’s start by taking a look at the features mentioned in the article for the Standard CAL:

        • PC-to-PC and multi-party IM
        • PC-to-PC and multi-party File Transfer
        • PC-to-PC computer audio
        • PC-to-PC computer video
        • Group Chat
        • Skill Search
        • Rich Presence
        • PC-to-PC IM, audio, and video with federated and PIC contacts
        • Ability to attend conferences as an attendee (not a presenter) and participate with audio/video, view shared applications, view/write on whiteboard
        • View application sharing session

        So, I was previously under the impression that all PC-to-PC communications is allowed with the Standard CAL, but this is not the case.  What is missing from this list?  The following PC-to-PC communications are listed in the Enterprise CAL section:

        • Initiate ad-hoc application sharing (P2P or multi-party)
        • Initiate ad-hoc whiteboarding (P2P or multi-party)

        Basically, as a Standard CAL user, you have the right to:

        • All PC-to-PC communications except initiating a desktop/application sharing session or whiteboarding
        • Multi-party IM and file transfer
        • Attend web conferences as a participant only

        Anytime you want to add a third+ person to a conversation or web conference that will require an Enterprise CAL.  Anytime you want to schedule a meeting or audio conference that will require an Enterprise CAL.

        How do we enforce the Standard CAL list of features?  Stay tuned to Part 2.

        Again, comments are welcome on your interpretation of the licensing features.

        Thursday, September 1, 2011

        Lync Resource Kit Book Now Complete And Available For Download

        Members of the Microsoft Product Team, MCS, MVPs, and others have contributed to probably the most technical Lync resource around. 

        reskitbook

        This book is available by download only (free).  Download the Lync Resource Kit Book Now.

        The following is a list of the chapters:

        • Address Book Service
        • Archiving and Monitoring
        • Client Administration
        • Conferencing and Collaboration
        • Direct SIP
        • Enhanced Presence
        • Enterprise Voice
        • Exchange Unified Messaging Integration
        • External User Access
        • Interoperability with Third-party Systems
        • Interoperability with XMPP Systems Using the XMPP Gateway
        • New Features Overview
        • Response Group Application
        • Server Administration
        • SharePoint Integration
        • Technical Overview
        • Troubleshooting Basics

        I highly recommend this book…happy reading.

        Wednesday, August 24, 2011

        Exchange 2010 SP1 Update Rollup 5 Available

        An update for Exchange 2010 SP1 has just released and can be downloaded at: Exchange 2010 SP1 Update Rollup 5 Download. This will take you Exchange version up to 14.1.339.1

        For a description of all the included fixes, see KB 2582113

        For those of you running DAGs, please see the following article: Applying Updates to Exchange 2010 SP1

        If you are running Forefront, it is important to disable Forefront protection during the update:

        • Before running patch: fscutility /disable
        • After running patch: fscutility /enable

        NOTE: Update Rollup 6 for Exchange 2010 SP1 is currently scheduled for October 2011

        Wednesday, August 17, 2011

        Viewing and Reverting Default Global Policy Settings in Lync Server

        Have you been in the situation where you have messed around with policy settings and wish you could refer to what were the default settings?

        Do you wish you could revert (or reset) the global policies back to their original settings?

        If so, this blog post is for you.  Lync has provided a few easy ways to accomplish these tasks.  Note that the commands will only work on Global Policies.

        Determining Default Global Policy Settings

        By running Get-CsUser in the Lync Management Shell, you will notice that a user can be assigned many different kinds of policies.  For example, Voice Policy, Client Policy, Conferencing policy, and so on.

        Lync Pol - Get-CsUser - markup

        If the Policy is blank, that means that the user will apply whatever is defined in the Global policy.  You can find out the settings in a Global policy by running the Get-CsXXXPolicy –Identity Global.  For this blog I will be using the Voice Policy as my example.

        Running: Get-CsVoicePolicy –Identity Global | fl, I can see what is currently configured.

        Lync Pol - Get-CsVoicePolicy

        The –InMemory parameter lets you create a policy that exists only in memory.  This lets you view the default values for the specified policy.  Note this will not actually create a policy.

        Running: New-CsVoicePolicy –Identity “DiscoverDefaults” –InMemory

        Lync Pol - New-CsVoicePolicy-In Memory

        This allows me to compare what I have set in my Global policy to what the default settings are.

        Revert Any Global Policy Back to Default Values

        Although you cannot remove a global object you can use a Remove-CsXXXPolicy cmdlet to reset all the properties in that object to their default values.  If you run the Remove-CsXXXPolicy cmdlet against any policy besides the Global policy, it will delete your policy.

        Running: Remove-CsVoicePolicy –Identity Global will reset the Global policy back to its original values

        Lync Pol - Remove-CsVoicePolicy Global

        We can now check the settings of the policy by running:

        Get-CsVoicePolicy –Identity Global | fl

        Lync Pol - Get-CsVoicePolicy after reset

        This post showed how to check what default values are in the Global policies and also showed how to revert a Global policy back to its default values.

        Wednesday, August 10, 2011

        Determine Admin Role Needed to Run a Command in Lync

        Lync Server has adopted the Role Based Access Control (RBAC) administrative model to allow for easy delegation of administrative tasks.  To get you started, there are some default groups created:

        Lync Admin Role - list

        Note that you can create your own custom roles if desired by using the “New-CsAdminRole” command. 

        There is a simple command that can be used to determine what role is needed in order to execute specific commands.  This will allow you to identify what exact role a user will need to run the desired task.

        Use the following command:

        Get-CsAdminRole | Where-Object {$_.Cmdlets –match “command”}

        Here are a few examples…

        When running the command with “New-CsLocationPolicy”, you will notice that CSAdministrator, CSVoiceAdministrator, or CSServerAdministrator can run this command.

        Lync Admin Role - cmd1

        When running the command with “New-CsClientPolicy”, you will notice that CSAdministrator or CSServerAdministrator can run this command.

        Lync Admin Role - cmd2